Hi, Robert, thanks for that. See below.
On Jul 4, 2012, at 8:55 AM, Robert Guerra wrote: > Katrin, > > Likely what is being displayed is the HTML page title, which google updates > per each email that is viewed or composed. Yeah but that's a choice gmail/fb make for some usability/ease of use/whatever reason that backfires for those users dependent on internet cafes who are not deleting their browser history. Of course, as was pointed out to me, there is also the problem of keylogger software on many computers in many cafes in many repressive countries that records passwords etc.... which, of course, is an important related issue but not one I am getting into here :) > > The data being displayed is - sensitive data - as such would likely have been > included in the privacy impact analysis that all GNI companies need to do Has the privacy impact analysis been released? I am copying Susan on this to shed light on how and what role GNI plays in this (not clear on this but Sudan can enlighten us) > . If there's a variation between them on this, then that should be pointed > out. Between Yahoo v gmail? Is that what you mean? Trying to understand what you are getting at... And yes, seems like an easy fix that would increase privacy for users on shared computers without a huge loss of usability. > > Robert > > -- > R. Guerra > Phone/Cell: +1 202-905-2081 > Twitter: twitter.com/netfreedom > Email: [email protected] > > On 2012-07-04, at 7:52 AM, Katrin Verclas wrote: > >> Hi all -- >> >> Question for you: A colleague noticed in an Internet cafe (in a repressive >> country) that in FireFox and Chrome the browser history reveals the subject >> line of gmail. The history also reveals the name of the person a user >> Facebook-messaged and profile pages visited. The same was not true for >> Yahoo or hotmail. >> >> See below for a sample screenshot that illustrates what I am talking about >> (using the latest version of FF on Mac OS) It seems to be a function of >> gmail/FB not the browser (same happens in Chrome and Safari, did not try for >> IE). As I said, Yahoo mail and Hotmail do not reveal the subject line in >> the history as far as we could see. >> >> So - is this and oversight or deliberate on the part of Gmail/F? >> >> It seems potentially rather problematic since most users do not delete their >> history nor use any private browsing features or software when in an >> internet cafe. We looked at detailed name/subject line/FB social grapsh in >> the browser history of machines in the cafe for at least eight months back). >> With this information it is very easy to see an individual's activity >> without any other digital logs installed. >> >> Curious about this from a technical POV and whether it can be fixed by >> Gmail/Facebook. We can involve the right people there; after understanding >> this better. >> >> In the meantime, this definitely should be covered in any trainings (that is >> - do not use a a sensitive or revealing subject line, delete your history, >> browse in private mode, etc) >> >> Thanks for any insights. >> >> Best, >> >> Katrin >> >> >> >> <Screen shot 2012-07-04 at 7.37.19 AM.png> > Katrin Verclas MobileActive.org [email protected] skype/twitter: katrinskaya (347) 281-7191 Check out SaferMobile.org Using Mobile Technology More Securely. For Activists, Rights Defenders, and Journalists. https://safermobile.org MobileActive.org: A global network of people using mobile technology for social impact http://mobileactive.org _______________________________________________ liberationtech mailing list [email protected] Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
